Security

Last updated: 18 April 2026

We handle business data — reviews, invoices, contracts, customer conversations. This page is an honest account of how it's protected, what we're actively working on, and what's not yet in place.

Multi-tenant isolation

In place

Every row of tenant data in the database is scoped by tenant_id and enforced by Postgres Row-Level Security policies. Every query we run sets the tenant context via SELECT set_config('app.current_tenant', $1, true), and the database itself refuses to return rows that don't match. A cross-tenant leak would require a Postgres-level vulnerability, not an application bug.
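As an added example (not Productiviti's code; the table, role and policy names are assumed for illustration), the RLS pattern described above, with the settings a reviewer checks to confirm it fails closed:

```sql
-- Added example, not Productiviti's schema: the table, role and policy
-- names (documents, app_user, tenant_isolation) are assumptions.

-- The application role: an ordinary login role. Superusers and roles
-- with BYPASSRLS skip every policy, so it must be neither.
CREATE ROLE app_user LOGIN;

-- Tenant data: every row carries the tenant it belongs to.
CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    body      text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;

-- FORCE makes the policy apply even if the app connects as the table
-- owner; without it, the owner bypasses RLS entirely.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- A row is readable (USING) or writable (WITH CHECK) only when its
-- tenant_id equals the transaction-scoped setting. current_setting(..., true)
-- returns NULL rather than raising when the setting was never set, and
-- NULLIF covers the empty string left once a local setting has expired;
-- NULL never equals a uuid, so a query with no tenant context returns
-- zero rows instead of every tenant's rows (fail closed).
CREATE POLICY tenant_isolation ON documents
    FOR ALL TO app_user
    USING (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid);

-- Application side, connected as app_user. is_local = true scopes the
-- setting to this transaction, so it must be set in the same transaction
-- as the query and is dropped at COMMIT/ROLLBACK, which keeps it from
-- leaking across pooled connections.
BEGIN;
SELECT set_config('app.current_tenant', '11111111-1111-4111-8111-111111111111', true);
SELECT id, body FROM documents;   -- only rows where tenant_id = 1111...
INSERT INTO documents (tenant_id, body)
    VALUES ('11111111-1111-4111-8111-111111111111', 'ok');      -- passes WITH CHECK
COMMIT;

-- Writing a row for a different tenant is rejected:
-- ERROR: new row violates row-level security policy for table "documents"
BEGIN;
SELECT set_config('app.current_tenant', '11111111-1111-4111-8111-111111111111', true);
INSERT INTO documents (tenant_id, body)
    VALUES ('22222222-2222-4222-8222-222222222222', 'cross-tenant');
ROLLBACK;
```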

Encryption

In place
  • In transit: TLS 1.2+ on every connection (Cloudflare + Vercel + Railway).
  • At rest: AES-256 via Supabase disk encryption.
  • Sensitive credentials (OAuth tokens to your third-party services): encrypted at the application layer with AES-256-GCM before being stored. Even a compromised database doesn't yield plaintext tokens.

Authentication

In place

Clerk manages all authentication. We never see or store passwords. Supported sign-in methods:

  • Google, Apple, and Microsoft SSO
  • Passwordless magic links
  • WebAuthn / passkeys
  • SSO (SAML, OIDC) on our Business tier (coming)

Sessions are short-lived JWTs signed by Clerk. Every API call verifies the token server-side against Clerk's JWKS.

Observability & audit

Being hardened
  • All backend exceptions captured in Sentry with tenant-scoped context (never raw PII).
  • Every user action that changes data writes an audit record (who, when, what, before/after).
  • All AI outputs — drafts, analyses, decisions — are retained with their full prompt + model + cost for replay and review.

Human-in-the-loop by default

In place

Productiviti agents never send, post, or publish anything without explicit user approval, unless you have intentionally enabled auto-approve for that specific agent. The default is draft + review, even for paid tiers. Approvals are logged with the exact reviewer, timestamp, and edit diff.

Compliance

In progress
  • SOC 2 Type 1 audit scheduled for Q3 2026
  • GDPR-aligned by architecture (DPO available, 30-day deletion, export)
  • CCPA-aligned (data access, deletion, opt-out)
  • Australian Privacy Act aligned (APP 1-13)
  • Industry-specific credentials (AHPRA for health, ABN verification for AU trades) planned for the relevant industry packs.

Operational practices

In place
  • Code changes reviewed before merge; automated tests on pull requests.
  • Secrets managed via platform vaults (Railway + Vercel), rotated on compromise.
  • Principle of least privilege on all infrastructure access.
  • Database backups with point-in-time recovery.
  • Quarterly credential rotation on shared third-party services.

Report a vulnerability

Open

We take responsible disclosure seriously. If you find a vulnerability, please email security@productiviti.net with a description and, if possible, a proof of concept. We respond within 48 hours and commit to public credit (if you want it) after a fix ships.

What we don't claim yet

We are a young product. We have not yet completed a SOC 2 audit. We are not HIPAA-covered. We do not have ISO 27001. If your organisation requires any of these, talk to us — we can walk you through our controls, timeline, and current pre-audit documentation.